From 0978ec154688dbbb5a9e82902fe7033acc4cd194 Mon Sep 17 00:00:00 2001 From: Leon Lynch Date: Sat, 26 Oct 2024 19:34:44 +0200 Subject: [PATCH] Fix code signing of targets for MacOS release builds * Improve output when the codesign binary is found. * Let CMakeLists.txt instead of the install script determine whether emv-decode and emv-tool are valid targets because it seems that the install script is unable to do that. * Improve output during signing because message() output does not appear to work for install scripts. * Fix the code signing path for emv-decode and emv-tool. --- viewer/CMakeLists.txt | 45 ++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/viewer/CMakeLists.txt b/viewer/CMakeLists.txt index 074cc36..554ceb1 100644 --- a/viewer/CMakeLists.txt +++ b/viewer/CMakeLists.txt 
@@ -257,30 +257,45 @@ install( option(SIGN_MACOSX_BUNDLE "Sign MacOS bundle using the specified identity (use - for ad-hoc signing)") if(APPLE AND BUILD_MACOSX_BUNDLE AND SIGN_MACOSX_BUNDLE) find_program(CODESIGN_EXECUTABLE codesign) - if(NOT CODESIGN_EXECUTABLE) + if(CODESIGN_EXECUTABLE) + message(STATUS "Found codesign: ${CODESIGN_EXECUTABLE}") + else() message(FATAL_ERROR "codesign not found") endif() # When using install(CODE) instead of CPACK_PRE_BUILD_SCRIPTS to sign # the bundle, it must always be the last install() command to ensure - # that all of the bundle files are already present + # that all of the bundle files are already present. + if(TARGET emv-decode) + install(CODE + " + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-decode\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --sign \"${SIGN_MACOSX_BUNDLE}\" --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-decode\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --display --verbose --verbose=4 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-decode\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Verifying binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-decode\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --verify --verbose --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-decode\") + " + COMPONENT emv_viewer_bundle + ) + endif() + if(TARGET emv-tool) + install(CODE + " + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-tool\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --sign \"${SIGN_MACOSX_BUNDLE}\" --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-tool\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --display --verbose --verbose=4 
\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-tool\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Verifying binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-tool\") + execute_process(COMMAND ${CODESIGN_EXECUTABLE} --verify --verbose --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/Contents/bin/emv-tool\") + " + COMPONENT emv_viewer_bundle + ) + endif() install(CODE " - if(TARGET emv-decode) - message(STATUS \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-decode\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --sign \"${SIGN_MACOSX_BUNDLE}\" --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-decode\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --display --verbose --verbose=4 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-decode\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --verify --verbose --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-decode\") - endif() - if(TARGET emv-tool) - message(STATUS \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-tool\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --sign \"${SIGN_MACOSX_BUNDLE}\" --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-tool\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --display --verbose --verbose=4 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-tool\") - execute_process(COMMAND ${CODESIGN_EXECUTABLE} --verify --verbose --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$/bin/emv-tool\") - endif() - message(STATUS \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign bundle at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Using identity '${SIGN_MACOSX_BUNDLE}' to sign binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") execute_process(COMMAND ${CODESIGN_EXECUTABLE} --sign \"${SIGN_MACOSX_BUNDLE}\" --deep 
\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") execute_process(COMMAND ${CODESIGN_EXECUTABLE} --display --verbose --verbose=4 \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") + execute_process(COMMAND \"${CMAKE_COMMAND}\" -E echo \"Verifying binary at \$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") execute_process(COMMAND ${CODESIGN_EXECUTABLE} --verify --verbose --deep \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/\$\") " COMPONENT emv_viewer_bundle
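Review bot: None of the `execute_process()` calls added in the new `if(TARGET emv-decode)` and `if(TARGET emv-tool)` install blocks check the exit status, and the same holds for the existing bundle calls. A failed `codesign --sign` or `--verify` is therefore not treated as an error and the install step still succeeds, so a release bundle can ship unsigned or with an invalid signature. If the project's minimum CMake is 3.19 or newer (not visible here), append `COMMAND_ERROR_IS_FATAL ANY` to the `--sign` and `--verify` calls; otherwise capture `RESULT_VARIABLE` and abort with `message(FATAL_ERROR ...)` on a non-zero value. `${CODESIGN_EXECUTABLE}` is also written unquoted into the script while `${CMAKE_COMMAND}` is quoted, so a tool path containing spaces would split; `\"${CODESIGN_EXECUTABLE}\"` keeps the two consistent. The enclosing `if(APPLE AND ...)` block and the last `install(CODE ...)` call close outside the hunk.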